Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
Security on SD-UX Systems
Chapter 9
security files. Controllers are set-uid root programs that hold
superuser privilege only briefly, to perform critical privileged
operations, and then switch to the real uid of the user.
Here is a summary of the SD-UX file system protection scheme:
• SD-UX files are protected from access by anyone other than the
superuser: the group and other permission bits of crucial
directories are set to 0.
• Only agents and daemons running on the local host access SD-UX
files directly. All other facilities (controllers, utilities, etc.) go through
the agents, using RPC to access files indirectly. The agents or daemons
perform authentication and authorization checks on all such
operations.
• No hard links may exist that circumvent the directory protection
hierarchy of the SD-UX directories, nor may symlinks exist that
compromise the secrecy of the contents of directories
containing objects that might have list restrictions in effect. Using
only a single (canonical) path to SD-UX objects avoids any such
aliasing problems.
Thus, the SD-UX files are totally protected and hidden from
non-superuser access.
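The summary above can be checked on a live system with a short audit. The following script is an added example, not part of the HP guide or of SD-UX: the function names are hypothetical, the tree to audit is passed as an argument, and every directory under that root is treated as crucial (a conservative assumption, since this section does not list the directories).

```shell
#!/bin/sh
# Added example: audit a directory tree against the protections summarized above.
# No SD-UX path is assumed; pass the directory to audit as the first argument.

# Directories with any group or other permission bit set (the scheme wants 0).
open_dirs() {
    find "$1" -type d \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Regular files with more than one name: the extra hard link may live
# outside the protected hierarchy and bypass its directory permissions.
multi_linked() {
    find "$1" -type f -links +1 -print
}

# Symbolic links inside the tree: each one is a second (non-canonical)
# path that needs review for aliasing.
symlinks() {
    find "$1" -type l -print
}

# Run all three checks; print findings and return 1 if any check reports.
audit_tree() {
    status=0
    for check in open_dirs multi_linked symlinks; do
        out=$($check "$1")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return $status
}

# Audit the tree named on the command line, if one was given.
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

Run it as the superuser, since the protected directories are unreadable to anyone else. A file reported by `multi_linked` only shows that a second name exists; locating that name requires searching the same file system for the matching inode.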